This is a writeup on getting OpenBSD running on PC Engines APU2.
Motivation: I chose OpenBSD because I have a few ideas for building a router that protects IoT-rich networks. OpenBSD's combination of proactive security and a clean networking stack made it possible to quickly implement a proof-of-concept. If anyone's interested in working on such a project, contact me. :)
Note: Some of the steps require downloading software. Whenever possible, verify checksums of such software or better yet, download it from a well-known repository. Remember Reflections on Trusting Trust!
Component | Source | Link | Price |
---|---|---|---|
APU.2C4 system board (GX-412TC quad core / 4GB / 3 Intel GigE / 2 miniPCI express / mSATA / USB / RTC battery) | PC Engines | apu2c4 | $122 |
Enclosure (3 LAN, black, USB) | PC Engines | case1d2blku | $10 |
AC adapter 12V 2A euro plug | PC Engines | ac12veur2 | $4.4 |
SSD M-Sata 16GB MLC, Phison S9 controller | PC Engines | msata16d | $17 |
SD card 4GB pSLC Phison (MLC flash running in SLC mode) | PC Engines, anywhere | sd4b | $6.6 |
Compex WLE200NX 802.11a/b/g/n miniPCI express wireless card | PC Engines | wle200nx | $19 |
Pigtail cable I-PEX -> reverse SMA | PC Engines | pigsma | 2 x $1.5 |
Antenna reverse SMA dual band | PC Engines | antsmadb | 2 x $2.05 |
Null modem cable DB9-F to DB9-F | PC Engines, anywhere | db9cab1 | $1.3 |
USB to RS-232 DM9-M adapter | Sabrent (FTDI) | USB-2920 | $10.11 |
8GB USB Flash Drive | Amazon, anywhere | CZ50 | $4.29 |
Total $202.68 without shipping.
Assemble the hardware per the instructions on the PC Engines website. Remember:
- Cooling
- Ground wireless card
- Insert the SD card
Note that the serial port settings for the APU2 are 115200 baud rate, 8N1 (8 data bits, no parity, 1 stop bit).
- Install the USB to serial driver
- Plug the USB end of the USB to serial cable to the Mac
- Plug the DB9-M end of the USB to serial cable to one end of the null modem cable
- Plug the other end of the null modem cable to the APU2
- Connect to the APU2 from the terminal:
screen /dev/tty.usbserial 115200
(note: your device might be different, look for devices withtty
andserial
in their name)
Power the APU2 off and back on by pulling the plug and plugging it back in, respectively. You should see output on the screen.
BIOS updates require flashing the ROM. Create a bootable USB flash drive with TinyCore Linux from PC Engines. It includes flashrom
but doesn't include any ROM images you might need. Steps:
- Download TinyCore Linux (apu2-tinycore6.4.img.gz, sha256sum:
4b834077ec5da535b07ab7e17215eb8d64b71dbcfd3f9076d51252a0f7158f3c
) and extract it to get apu2-tinycore6.4.img - Download the latest ROM (apu2_160311.zip, sha256sum:
e939187ebe29a45e6ef5000c1ca0564473495f41a5290797e4b639c340562f46
) and extract it to get apu2_160311.rom. It is required for making wireless networking work and booting from an SD card - Double click apu2-tinycore6.4.img to mount the image and drag apu2_160311.rom to it
- Eject the TinyCore Linux image (usually named SYSLINUX)
- Insert the USB flash drive to the Mac, figure out which device it is (with
diskutil list
, let's assume it's/dev/disk2
) and unmount it (diskutil unmountDisk /dev/disk2
) - Write the TinyCore Linux image to the flash drive:
sudo dd if=apu2-tinycore6.4.img of=/dev/rdisk2 bs=1m
(note the use ofrdisk2
- that's the raw device) - Eject the USB flash drive
If the BIOS needs updating - the version displayed during boot is not the latest that's on the PC Engines website - follow these steps:
- Power off the APU2
- Insert the USB flash drive to one of the APU2's USB slots
- Connect the serial console cable
- Power on the APU2
- Press F10 to enter the APU2 boot menu. In the boot menu, opt to boot from the USB flash drive (usually option number 1)
- Once you get to a prompt, use
flashrom
to update the BIOS. The ROM file will be in/media/SYSLINUX
:flashrom -p internal -w /media/SYSLINUX/apu2_160311.rom
- When verification is done, reboot the APU2 so changes take effect
- Download the OpenBSD installer,
amd64/install59.fs
(SHA256 fingerprint), file-system image (not ISO!) from one of the mirrors - Insert the USB flash drive to the Mac, figure out which device it is (with
diskutil list
, let's assume it's/dev/disk2
) and unmount it (diskutil unmountDisk /dev/disk2
) - Write the installer image to the flash drive:
sudo dd if=install59.fs of=/dev/rdisk2 bs=1m
(note the use ofrdisk2
- that's the raw device) - Eject the USB flash drive
Note: Starting with OpenBSD 6.0, this is done by the installer.
The following settings are required for proper serial console output:
stty com0 115200
set tty com0
Enter them in the boot>
prompt when booting the installer. Put them in /etc/boot.conf
so they're always in effect.
- Power off the APU2
- Insert the bootable OpenBSD installer USB flash drive to one of the USB slots on the APU2
- Power on the APU2, press F10 to get to the boot menu, and choose to boot from USB (usually option number 1)
- At the
boot>
prompt, remember the serial console settings (see above) - Also at the
boot>
prompt, press Enter to start the installer - Follow the installation instructions
The driver used for wireless networking is athn(4). It might not work properly out of the box. Once OpenBSD is installed, run fw_update
with no arguments. It will figure out which firmware updates are required and will download and install them. When it finishes, reboot
.
These instructions were collected from websites, mailing lists, forums, and whatever I could find.